MiStorage with the Common Internet File System (CIFS) protocol provides a secure environment to store most types of sensitive university data. However, you should still exercise caution when storing sensitive data in MiStorage with CIFS (Gold or Silver). See Sensitive Data Guide: MiStorage with CIFS for details.
MiStorage with the Network File System (NFS) version 3 protocol should not be used to store data that is classified as sensitive or critical to the operation of the university. MiStorage NFS (Gold or Silver) is a good choice for data that, if disclosed to the general public, poses little or no risk to the university's reputation, resources, services, or individuals.
Improving Security for MiStorage NFS
Instructions for IT Staff
Although MiStorage NFS is not permitted for storing sensitive institutional data, we recommend that you improve its security by:
- Configuring all authorized MiStorage clients according to modern hardening guidelines and keeping software up to date by applying updates and patches as soon as possible after appropriate testing.
- Providing only those IP addresses that are allocated to your authorized MiStorage client hosts when ordering or modifying your access to Mirage.
- Protecting the client IP subnet and physical network from unauthorized access.
- Ensuring that users are instructed not to share their passwords with others.
- Avoiding using shared accounts (where multiple users log in with a single username/password).
- Restricting the management and editing of password and group files (/etc/passwd, /etc/group) on client hosts to authorized system administrators only.
- Tightly controlling and monitoring root access on client hosts.
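One way to check the shared-account, password/group file, and root access items on a Linux client host, as an added example that is not U-M's own tooling. The function names and the RUN_AUDIT switch are hypothetical, and the script assumes POSIX sh with find and awk.

```shell
#!/bin/sh
# Added example: audit the account files on a MiStorage NFS client host.
# Function names are hypothetical; paths default to the files named above.

# Print the file if it is not owned by the expected UID (default 0, root)
# or if it is group- or world-writable.
insecure_account_file() {
    file=$1; owner=${2:-0}
    find "$file" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Print every account other than "root" whose UID is 0 (root-equivalent).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print each UID assigned to more than one account name. File permission
# checks are made on the UID, so such names are a single shared identity.
duplicate_uids() {
    awk -F: '{ n[$3]++; names[$3] = names[$3] " " $1 }
             END { for (u in n) if (n[u] > 1) print u ":" names[u] }' "$1" | sort
}

# Run all checks; returns 0 when clean, 1 when any check fails.
audit_client() {
    passwd=${1:-/etc/passwd}; group=${2:-/etc/group}; owner=${3:-0}; rc=0
    for f in "$passwd" "$group"; do
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is missing"; rc=1
        elif [ -n "$(insecure_account_file "$f" "$owner")" ]; then
            echo "FAIL: $f is not owned by UID $owner or is group/world-writable"; rc=1
        fi
    done
    extra=$(extra_uid0_accounts "$passwd")
    if [ -n "$extra" ]; then echo "FAIL: extra UID 0 accounts: $extra"; rc=1; fi
    dups=$(duplicate_uids "$passwd")
    if [ -n "$dups" ]; then echo "FAIL: UIDs shared by several accounts:"; echo "$dups"; rc=1; fi
    return $rc
}

# Hypothetical switch: RUN_AUDIT=1 sh audit.sh [passwd] [group] [owner-uid]
if [ "${RUN_AUDIT:-}" = 1 ]; then audit_client "$@"; fi
```

Running it from a scheduled job and alerting on a non-zero exit status gives a basic monitor for unexpected changes to these files.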
Instructions for Researchers
Network security always begins with the individual. Keep passwords secure and never share them with anyone. Shared accounts (where multiple users share one account and password) should not be used.
The following safeguards should be in place inside the local computing environment to protect the availability and integrity of data, as well as to prevent IP spoofing:
- Strong host-based security control of client hosts.
- Strong network security control of the client networks.
- Strong physical security controls of the client networks and hosts.
- A highly managed client environment.
For More Information
For information about U-M IT security policies and appropriate storage of sensitive university data, see: